Lucene search
K

28 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 3:52 a.m.4 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS5.9AI score0.00478EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Oracle Linux 9 : git-lfs (ELSA-2026-30854)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-30854 advisory. - Fix CVE-2026-39821: vendored golang.org/x/net/idna ToUnicode incorrectly accepting all-ASCII xn-- labels Tenable has extracted the preceding description bloc...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 6:18 p.m.12 views

CVE-2026-57053

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS0.0011EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 4:40 p.m.18 views

CVE-2026-57053

CVE-2026-57053 affects GNU libidn before 1.44, with out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in idna_to_unicode_internal; the vulnerable code is not present in libidn2. The CVSSv3.1 base score is 4.0 (Medium), with LOCAL attack vector, HIGH complexity, ...

4CVSS5.9AI score0.0011EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/23 4:40 p.m.8 views

CVE-2026-57053

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS5.9AI score0.0011EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51573

Name of the Vulnerable Software and Affected Versions GNU libidn versions prior to 1.44 Description An issue exists in the ToUnicode APIs due to mishandling in the idna to unicode internal function, which can lead to out-of-bounds reads of uninitialized memory. Recommendations Update to version...

4CVSS5.8AI score0.0011EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1847)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1847 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/05/28 3:58 a.m.59 views

SUSE CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

7.4CVSS5.8AI score0.00478EPSS
Exploits0References62
Snyk
Snyk
added 2026/05/22 5:42 p.m.10 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

9.6CVSS5.6AI score0.00478EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the ToASCII and ToUnicode functions accepting Punycode encoded tags that are decoded...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References5
OSV
OSV
added 2026/03/06 9:1 p.m.5 views

OPENSUSE-SU-2026:20333-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams bsc1258940 - CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM bsc1258934 -...

8.7CVSS5.8AI score0.00408EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.4 views

SUSE CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2026/02/20 10:16 p.m.6 views

DEBIAN-CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

5.5CVSS5.4AI score0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 10:16 p.m.4 views

UBUNTU-CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

6.9CVSS5.8AI score0.00168EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/02/20 9:11 p.m.8 views

CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

6.9CVSS5.3AI score0.00168EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/20 9:11 p.m.5 views

CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/02/20 9:11 p.m.8 views

CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References6
CVE
CVE
added 2026/02/20 9:11 p.m.24 views

CVE-2026-27025

CVE-2026-27025 affects the PyPDF family (pypdf). The issue is triggered by parsing a PDF’s font /ToUnicode entry with unusually large values, causing long runtimes and large memory usage (DoS risk). The vulnerability is fixed in pypdf 6.7.1; remediation is upgrading to 6.7.1 or newer. Connected a...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

pypdf 安全漏洞

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.7.1 contained security vulnerabilities. These vulnerabilities stemmed from /ToUnicode entries in the font parsing, whic...

6.9CVSS5.9AI score0.00168EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/18 10:41 p.m.9 views

pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches This has been fixed in pypdf==6.7.1. Workarounds ...

6.9CVSS5.5AI score0.00168EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder